Free SSCP Exam Braindumps (page: 58)

Page 57 of 269

Why should batch files and scripts be stored in a protected area?

  1. Because of the least privilege concept.
  2. Because they cannot be accessed by operators.
  3. Because they may contain credentials.
  4. Because of the need-to-know concept.

Answer(s): C

Explanation:

Because scripts contain credentials, they must be stored in a protected area and the transmission of the scripts must be dealt with carefully. Operators might need access to batch files and scripts. The least privilege concept requires that each subject in a system be granted the most restrictive set of privileges needed for the performance of authorized tasks. The need-to-know principle requires a user having necessity for access to, knowledge of, or possession of specific
information required to perform official tasks or services.


Reference:

WALLHOFF, John, CISSP Summary 2002, April 2002, CBK#1 Access Control System & Methodology (page 3)



Which of the following Kerberos components holds all users' and services' cryptographic keys?

  1. The Key Distribution Service
  2. The Authentication Service
  3. The Key Distribution Center
  4. The Key Granting Service

Answer(s): C

Explanation:

The Key Distribution Center (KDC) holds all users' and services' cryptographic keys. It provides authentication services, as well as key distribution functionality. The Authentication Service is the part of the KDC that authenticates a principal. The Key Distribution Service and Key Granting Service are distracters and are not defined Kerberos components.


Reference:

WALLHOFF, John, CISSP Summary 2002, April 2002, CBK#1 Access Control System & Methodology (page 3)



Sensitivity labels are an example of what application control type?

  1. Preventive security controls
  2. Detective security controls
  3. Compensating administrative controls
  4. Preventive accuracy controls

Answer(s): A

Explanation:

Sensitivity labels are a preventive security application controls, such as are firewalls, reference monitors, traffic padding, encryption, data classification, one-time passwords, contingency planning, separation of development, application and test environments.
The incorrect answers are:
Detective security controls - Intrusion detection systems (IDS), monitoring activities, and audit trails.
Compensating administrative controls - There no such application control.
Preventive accuracy controls - data checks, forms, custom screens, validity checks, contingency planning, and backups.
Sources:
KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 7: Applications and Systems Development (page 264).
KRUTZ, Ronald & VINES, Russel, The CISSP Prep Guide: Gold Edition, Wiley Publishing Inc., 2003, Chapter 7: Application Controls, Figure 7.1 (page 360).



Which integrity model defines a constrained data item, an integrity verification procedure and a transformation procedure?

  1. The Take-Grant model
  2. The Biba integrity model
  3. The Clark Wilson integrity model
  4. The Bell-LaPadula integrity model

Answer(s): C

Explanation:

The Clark Wilson integrity model addresses the three following integrity goals: 1) data is protected from modification by unauthorized users; 2) data is protected from unauthorized modification by authorized users; and 3) data is internally and externally consistent. It also defines a Constrained Data Item (CDI), an Integrity Verification Procedure (IVP), a Transformation Procedure (TP) and an Unconstrained Data item. The Bell-LaPadula and Take-Grant models are not integrity models.


Reference:

KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 5: Security Architecture and Models (page 205).






Post your Comments and Discuss ISC SSCP exam with other Community members:

SSCP Exam Discussions & Posts